What Information Do We Collect?

We collect private and confidential data that is necessary to deliver our agreed-upon services, as well as data shared during our complimentary consultations and support sessions. All data collected from our potential and existing clients is treated with the utmost confidentiality. This includes not disclosing data to third parties without explicit permission and putting non-disclosure agreements in place.

We encourage you to reach out to us and provide your company details so we can customize our responses to your requirements and provide accurate quotations and services. Only the name and email address fields are mandatory for these inquiries. You have the option to refrain from submitting any other details you prefer not to disclose.

We utilize Google Ads, Analytics, Tag Manager, HubSpot, and other tools on our website for marketing purposes and to analyze traffic and trends. Our use of these tools does not identify individuals or track their navigation behaviors. We do not export data outside of these applications or share it with any third parties, including our established partners.

Where Does Your Data Go?

The data collected may be used in the following systems, depending on the stage and requirements of the support we are providing you:

  • Google Workspace: Google Business products utilized for client communications, secured with multi-factor authentication and Google Business-grade security practices. Google issues SOC 1, SOC 2, and SOC 3 reports annually.
  • HubSpot: Our customer relationship management (CRM) system used for marketing emails, account tracking, and hosting of our website content management system (CMS). HubSpot issues SOC 2 Type II reports annually.
  • Trello: Utilized for tracking requirements and assurance reporting steps for certain clients. Atlassian issues SOC 2 Type II reports for Trello.
  • Xero: A cloud-based application used for company accounting and invoicing, with SOC 2 Type II reports issued by Xero.

We minimize the data stored in each location based on the requirements to effectively support our services to you.

Data Retention and Disposal

We retain all data collected until deletion is requested to ensure effective service provision and tailored support based on your interaction history with us. Deletion requests can be made by contacting us directly. Audit files, including all shared documentation to verify compliance, are retained for seven (7) years to comply with our internal compliance requirements. We encourage our clients to sanitize, mask, or otherwise reduce the sensitivity of documentation shared with us.

Tools Utilization

Our free tools, assessments, and applications collect data from your responses to questions to provide automated and tailored outputs such as readiness reports and policy automation to support your compliance goals.

We utilize the data to provide services and may use it in anonymized and statistical forms to provide guidance and benchmarking to our clients, partners, and associates. We ensure statistical analysis does not compromise confidentiality and refrain from using statistics that could identify attributes of individual customers or users.

If you have concerns regarding security, privacy, or confidentiality, we support the use of an alias contact and company name so that no identifiable data is submitted. This requires the use of a non-business email address, and you should contact us separately to provide the alias for secure report delivery.

What Are Your Rights?

We uphold all rights under relevant data protection laws and regulations. For data-related requests, please contact us directly.

Contact us at enquiries@coalhaven.com for any inquiries or assistance.